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DETAILED ACTION 

1 . Claims 1 - 32 have been presented for examination. Claims 1,9, 1 7, 25 have 
been amended; and new claims 33 and 34 have been added in an amendment filed 
3/7/2005. 

Response to Arguments 

2. Applicant's arguments filed on 3/7/2005 with respect to the subject matter of the 
instant claims have been fully considered but are not persuasive. 

3. As per claim 1 , Applicant remarks that Guski does not show the limitation of 
"translating said preferred word to produce a password (Page 11, 4 th Paragraph)." 
Examiner notes the argument has been fully considered but is not persuasive. The 
preferred word is interpreted as the "USER ID" and Guski teaches translating said 
preferred word USER ID) to produce a password (Guski: see for example, Figure 4 - 
Password Generation, Element 302 / Element 310). 

4. As per claim 9, 1 7 and 25, Applicant remarks that Guski does not show the 
limitation of "receiving input specifying a password format (Page 13, 3 rd Paragraph)." 
Examiner notes that the password format is interpreted as 8-characters which is used in 
the user's host application sign-on request as taught by Guski (Guski: see for example, 
Figure 4 Element 424 / 31 0 and Column 9 Line 1 5 - 1 7 & Column 1 1 Line 41 - 45). 

5. As per claims 5, 13, 21 and 29, Applicant remarks that Guski does not show or 
suggest "wherein said password is similar to said preferred word". Examiner notes that 
"similar to" can be interpreted as anything to some extents that are not identical - for 
example, both of the preferred word (i.e. USER ID) and one-time password are 64-bits 
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(or 8-bytes or 8-characters format) (Guski: see for example, Figure 4 Element 302 / 
Element 424) and thereby both are similar with respect to the format size. Although the 
claims are interpreted in light of the specification, limitations from the specification are 
not read into the claims. See In re Van Geuns, 988 F.2d 1 181 , 26 USPQ2d 1057 (Fed. 
Cir. 1993). 

6. For existing instant claims, Applicant further argues: "Guski actually teach away 
from the presented claimed invention because it teaches using rapidly changing 
dissimilar passwords generated independently of an application". Examiner notes 
Applicant's argument has no merit since the alleged limitation has not been 
incorporated into the claim. 

7. Regarding claims 1-3, 5. 6, 9-11, 13, 14, 17-19, 21. 22, 25-27, 29 and 30, 
Applicant remarks that the examiner has failed to state prima facie obviousness 
rejection. Examiner notes Claims 1-3, 5, 6, 9-11, 13, 14, 17-19, 21, 22, 25-27, 29 and 
30 are rejected under 35 U.S.C. 102(b) as anticipated by Guski. 

8. As per claim 7, 15, 23 and 31 , Applicant argues Examiner has not provided a 
motivation to combine the references. Examiner disagrees. Sufficient motivation is 
provided to combine the references - Please see the same reasons set forth in the 
following Office action. 

9. As per claim 8, 16, 24 and 32, Applicant argues Examiner has not provided a 
motivation to combine the references. Examiner disagrees. Sufficient motivation is 
provided to combine the references - Please see the same reasons set forth in the 
following Office action. 
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10. Claims 5, 13, 31 and 29 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. Applicant remarks: "Claims 5, 13, 31 and 29 
are definite because the scope of the term 'similar to" while broad, is definite and 
ascertainable" and Applicant accurately describes the nature of the term "similar to" vis- 
a-vis the claims in the specification. Examiner notes the 1 12-second paragraph 
rejections to claim 5, 1 3, 31 and 29 are withdrawn after the reconsideration of the 
arguments. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

11. Claims 1 -3, 5, 6, 9-11, 13, 14, 17-19, 21, 22, 25-27, 29-30and 33-34 
are rejected under 35 U.S.C. 102(b) as anticipated by Guski (Patent Number: 5592553). 

As per claim 1,9, 17 and 25, Guski teaches a method of generating a password, 
said method comprising: 

receiving input from said user, specifying a password format (Guski: see for 
example, Figure 4 Element 424 / 310 and Column 9 Line 15 - 17 & Column 1 1 Line 41 
- 45: 8-bytes or 8-characters format); 
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receiving a preferred word from a user (Guski: see for example, Abstract Line 1 - 
13 and Column 3 Line 57 - 60: Guski teaches the non-time-dependent information that 
ultimately generates the desired password is preferably derived from the information 
such as a user ID or application ID (Examiner notes "preferably" - could also be 
something else as user preferred), which is qualified to serve as a simple / preferred 
word); 

translating said preferred word to produce a password; and providing said 
password to an application (Guski: see for example, Figure 4 - Password Generation, 
Element 302 / Element 310, Column 1 1 Line 1 & Table 1 and Column 3 Line 18-36: 
The application is the target application as taught by Guski); 

wherein said preferred word is not stored (Guski: see for example, Figure 3 
Element 320: The preferred word is transported over to the server at each time of 
password validation process); 

said password is not stored (Guski: see for example, Column 3 Line 18 - 36 & 
Figure 3: One-time password is time-dependent and is not stored at the user/client 
side); and 

said password complies with said application's required password format (Guski: 
see for example, Column 9 Line 49 - 50: A legal password should evidently comply with 
the password format). 
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As per claim 2, 10, 18 and 26, Guski teaches the claimed invention as described 
above (see claim 1,9, 17 and 25 respectively). Guski teaches said translating includes 
encrypting said preferred word (Guski: see for example, Column 3 Line 57 - 60). 

As per claim 3, 1 1 , 19 and 27, Guski teaches the claimed invention as described 
above (see claim 1 , 9, 1 7 and 25 respectively). Guski teaches said translating includes 
substituting a character for another character (Guski: see for example, Column 1 1 Line 
1 & Table 1). 

As per claim 5, 13, 21 and 29, Guski teaches the claimed invention as described 
above (see claim 1,9, 17 and 25 respectively). Guski teaches wherein said password 
is similar to said preferred word (Guski: see for example, Figure 4 Element 302 / 
Element 424: Examiner notes that "similar to" can be interpreted as anything to some 
extents that are not identical - for example, both of the preferred word (i.e. USER ID) 
and one-time password are 64-bits (or 8-bytes or 8-characters) (Guski: see for example, 
Figure 4 Element 302 / Element 424) and thereby both are similar with respect to the 
format size). 

As per claim 6, 14, 22 and 30, Guski teaches the claimed invention as described 
above (see claim 1,9, 17 and 25 respectively). Guski teaches said translating is 
accomplished by software running on a first computer; and said target application runs 
on a second computer (Guski: see for example, Column 7 Line 4-7 and Figure 2). 
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As per claim 33 and 34, Guski teaches the claimed invention as described above 
(see claim 1 and 9 respectively). Guski further teaches a particular preferred word 
creates the same password each time the preferred word is translated (Guski: see for 
example, Figure 4 Element 302 and Element 410: Guski indeed discloses a particular 
preferred word (i.e. USER ID) creates the same non-time-dependent password 
(Element 410) after the DES encryption - each time the preferred word is translated 
from USER ID in conjunction with Application ID and Sign-on key after XOR and DES 
encryptions / translations into a 64-bit (or 8-byte / 8-characters format)). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

1 2. Claims 4, 7 - 8, 1 2, 1 5 - 16, 20, 23 - 24, 28 and 31 - 32 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Guski (Patent Number: 5592553), in view of 
Audebert (Patent Number: 5887065). 
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As per claim 7, 15, 23 and 31 , Guski teaches the claimed invention as described 
above (see claim 1,9, 17 and 25 respectively). Guski does not disclose expressly said 
translating is accomplished at least in part by a smart card. 

Audebert teaches said translating is accomplished at least in part by a smart card 
(Audebert: see for example, Figure 9 and Column 17 Line 13-19). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Audebert within the system of Guski 
because (a) Guski teaches a password generating / translating method through the use 
of non-time dependent / non-secret information (Guski: see for example, Column 3 Line 
57 - 62) and (b) Audebert teaches a method that most of the translating / converting 
functions involved in the generation of the password can be implemented into the smart 
card (Audebert: see for example, Column 17 Line 17 - 19) so that the software 
implementation on the PC can be simplified (Audebert: see for example, Column 17 
Line 13- 15). 

As per claim 4, 12, 20 and 28, Guski teaches the claimed invention as described 
above (see claim 1,9, 17 and 25 respectively). Guski does not disclose expressly said 
translating includes inserting at least one special character. 

Audebert teaches said translating includes inserting at least one special 
character (Audebert: see for example, Abstract Line 13-14: Audebert teaches adding 
the digits to the generated password). See the same rationale of combination applied 
herein as above in rejecting claim 7. 
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It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to modify adding the digits to the generated password to 
accommodate adding the special characters to the generated password because 
password format rule that requires special characters is well-known in the art (Audebert: 
see for example, Abstract Line 13-14). 

As per claim 8, 16, 24 and 32, Guski teaches the claimed invention as described 
above (see claim 1,9, 17 and 25 respectively). Guski does not disclose expressly said 
translating is accomplished by software running on the same computer as said target 
application. 

Audebert teaches said translating is accomplished by software running on the 
same computer as said target application Audebert: see for example, Abstract, the Last 
two sentences and Column 17 Line 13-19: Examiner notes "smart card" is considered 
as part of the computer integrated / closed entity and thereby, translating / generating a 
password on a smart card through the use of non-time dependent / non-secret 
information is indeed translating accomplished by software running on "the same" 
computer as said target application - i.e. target application residing on the same 
computer (i.e. PC)). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Audebert within the system of Guski 
because (a) Guski teaches a password generating / translating method through the use 
of non-time dependent / non-secret information (Guski: see for example, Column 3 Line 
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57 - 62) and (b) Audebert teaches a method that most of (or part of) the translating / 
converting functions involved in the generation of the password can be implemented 
into the smart card (Audebert: see for example, Column 17 Line 17 - 19) so that the 
software implementation on the PC can be simplified (Audebert: see for example, 
Column 1 7 Line 1 3 - 1 5) - Moreover, Audebert further teaches the concept of "virtual 
token" (i.e. virtual smart-card) where the time-dependent variables can be generated 
outside the smart card (i.e. by the PC) while the non-time dependent information (such 
as static-key) is stored on the smart card that it can offer the advantages without using 
the permanent power supply in the card while still further simplification, the key can be 
static (Audebert: see for example, Column 17 Line 53-60) and the software 
implementation on the PC can also be simplified (Audebert: see for example, Column 
17 Line 13-15) due to offload some tasks to the smart card. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 8:00am-4:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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Examiner 
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